修复中控

This commit is contained in:
dekun
2026-05-30 12:13:33 +08:00
parent acbd9576bc
commit c882a5e565
6 changed files with 94 additions and 18 deletions
+41 -2
View File
@@ -9,7 +9,15 @@ import json
import time
from functools import wraps
from flask import current_app, get_flashed_messages, jsonify, redirect, request, session
from flask import (
current_app,
flash,
get_flashed_messages,
jsonify,
redirect,
request,
session,
)
from hub_auth import request_allowed
from hub_sso import safe_next_path, verify_hub_sso_token
@@ -109,9 +117,32 @@ def install_on_app(
"views": views,
}
install_hub_embed_headers(app)
configure_hub_embed_session(app)
register_hub_routes(app)
def configure_hub_embed_session(app):
"""HTTPS 跨域 iframe 内嵌时须 SameSite=None + Secure,否则 hub-sso 写入的 session 会丢失。"""
import os
allowed = (os.getenv("APP_ALLOW_HUB_EMBED") or "true").strip().lower() in (
"1",
"true",
"yes",
"on",
)
if not allowed:
return
secure = (os.getenv("APP_COOKIE_SECURE") or "").strip().lower()
if secure not in ("1", "true", "yes", "on"):
return
app.config.update(
SESSION_COOKIE_SECURE=True,
SESSION_COOKIE_SAMESITE="None",
SESSION_COOKIE_HTTPONLY=True,
)
def install_hub_embed_headers(app):
"""允许复盘中控 iframe 内嵌打开本实例(须与 hub 的 HUB_EMBED_ORIGINS 或域名一致)。"""
import os
@@ -286,10 +317,18 @@ def register_hub_routes(app):
return redirect(safe_next_path(next_arg))
ex = str((_ctx().get("exchange") or "")).strip().lower()
token = (request.args.get("token") or "").strip()
ok, next_path, _err = verify_hub_sso_token(token, ex)
ok, next_path, err = verify_hub_sso_token(token, ex)
if ok:
session["logged_in"] = True
session.modified = True
return redirect(next_path)
hint = err or "校验失败"
flash(
f"中控 SSO 未生效({hint})。"
"请确认中控与实例 .env 中 HUB_BRIDGE_TOKEN 一致,"
f"且中控设置里该账户 key 为「{ex}」。"
"直链实例地址仍需输入 APP_PASSWORD。"
)
return redirect("/login")